When we issue a request to pf and expect a serialised nvlist as a reply
we have to supply a suitable buffer to the kernel.
The required size for this buffer is difficult to predict, and may be
(slightly) different from request to request.
If it's insufficient the kernel will return ENOSPC. Teach libpfctl to
catch this and send the request again with a larger buffer.
MFC after: 2 weeks
Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision: https://reviews.freebsd.org/D34908
Previously it was disabled right before translation was enabled.
This way the disable logic is still executed even when translation
is not be activated, e.g. with hw.iommu.dma=0 tunable set.
On some platforms we need to disable PMR in order for core dump to work.
At the same time it was observed that enabling translation has
a significant impact on network performance.
With this patch PMR can be disabled, with IOMMU translation not being
turned on by appending the following to the loader.conf:
hw.dmar.enable=1
hw.dmar.pmr.disable=1
hw.dmar.dma=0
Sponsored by: Stormshield
Obtained from: Semihalf
Reviewed by: kib
Differential Revision: https://reviews.freebsd.org/D34907
Provide a very brief introduction to capabilities, using a couple of
sentences from David Chisnall's mailing list response[1] to a question
about Linux capabilities and Capsicum.
Mailing list subject (in case the archive URL changes) was
Re: Linux capabilities to Capsicum
[1] https://lists.freebsd.org/archives/freebsd-hackers/2022-April/001032.html
Reviewed by: oshogbo
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D34945
This argument is useless for the vast majority of drivers. For now,
use __VA_ARGS__ wrapper macros so that that the *DRIVER_MODULE()
macros accept both the old version (with a devclass) and the new
version (which omits the argument and stores NULL in the
driver_module_data structure). This provides an API compatiblity
shim that can be merged to older stable branches.
Once all drivers relevant to 14.0 (both in and out of tree) have been
updated, the API compat shims can be dropped.
Reviewed by: imp
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D34963
This permits a driver module structure that doesn't want to store a
pointer to the new driver's devclass.
Reviewed by: imp
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D34962
Insert padding in __cxa_exception struct for compatibility
Similar to https://github.com/llvm/llvm-project/commit/f2a436058fcb, the
addition of __attribute__((__aligned__)) to _Unwind_Exception (in commit
b9616964) causes implicit padding to be inserted before the unwindHeader
field in __cxa_exception.
Applications attempt to get at the earlier fields in __cxa_exception, so
preserve the same negative offsets in __cxa_exception, by moving the
padding to the beginning of the struct.
The assumption here is that if the ABI is not aware of the padding
before unwindHeader and put the referenceCount/primaryException in
there, no padding should exist before unwindHeader.
This should make libreoffice's custom exception handling mechanisms work
correctly, even if it was built against an older cxxabi.h/unwind.h pair.
PR: 263370
MFC after: 3 days
diff3 in -m mode generates a complete file with changes bracketed with
conflict markers. This adds support for diff3 to generate version
control style three way merge output.
The output format was inferred from looking at the gnu diff3 output on a
selection of test files as a specification of what diff3 -m should
output is not available. It is likely there are cases where the -m
output differs from other tools and I am happy to update diff3 to
address these.
Discussed with: pstef, kevans
Sponsored by: Klara, Inc.
Diff3 in -A mode generates an ed script to show how the 3 files and
brackets changes that conflict. The ed script generated should when
applied leave familiar merge conflict markers in a patched file.
Diff3 output is not documented, this feature has been arrived at by
comparing bsd diff3 output to gnu diff3 output until they were made to
agree. There are likely to still be differences between these formats.
The gnu diff3 guide is actually quite good at explaining how diff3
output should appear, but it doesn't cover every form of output from
diff3.
https://www.gnu.org/software/diffutils/manual/diffutils.html#Comparing-Three-Files
Discussed with: pstef, kevans
Sponsored by: Klara, Inc.
We already set it earlier in do_setup_env().
Fixes: 19261079b743 ("openssh: update to OpenSSH v8.7p1")
MFC after: 1 week
Sponsored by: The FreeBSD Foundation
Replace the edscript code that tracked and printed lines using byte
offsets with code that can work from line offsets.
This tidies up the reduces duplication in the edscript output code. It
also fixes the usage of the de struct so that it only tracks diffs as
line offsets rather than the usage changing from line offsets to byte
offsets during the lifetime of diff3.
Large files with large numbers of ranges will probably suffer in
performance here, but as we don't use diff3 yet this isn't a regression.
Include a warning for future hackers so they have a place to start
hacking from.
Reviewed by: pstef
Sponsored by: Klara, Inc.
Differential Revision: https://reviews.freebsd.org/D34941
When exporting sysctls to Prometheus, the exporter replaces "." with
"_". This caused several metrics to alias, confusing the Prometheus
server. Fix it by:
* Renaming the "tcp_log_bucket" UMA zone to "tcp_log_id_bucket". Also,
rename "tcp_log_node" to "tcp_log_id_node" for consistency.
* Not exporting sysctls with "(LEGACY)" in the description. That is
used by ZFS sysctls that have been replaced by others, many of which
alias to the same Prometheus metric name (like "vfs.zfs.arc_max" and
"vfs.zfs.arc.max").
PR: 259607
Reported by: delphij
MFC after: 2 weeks
Sponsored by: Axcient
Reviewed by: delphij,rew,thj
Differential Revision: https://reviews.freebsd.org/D34952
This test cannot run without an unprivileged_user being specified
anyways, so just run as the unprivileged user. Revoking read permisions
works just as well if you're guaranteed non-root.
Reviewed by: pstef
Sponsored by: Klara, Inc.
Differential Revision: https://reviews.freebsd.org/D34950
During a FUSE_WRITE, the kernel requests the server to write a certain
amount of data, and the server responds with the amount that it actually
did write. It is obviously an error for the server to write more than
it was provided, and we always treated it as such, but there were two
problems:
* If the server responded with a huge amount, greater than INT_MAX, it
would trigger an integer overflow which would cause a panic.
* When extending the file, we wrongly set the file's size before
validing the amount written.
PR: 263263
Reported by: Robert Morris <rtm@lcs.mit.edu>
MFC after: 2 weeks
Sponsored by: Axcient
Reviewed by: emaste
Differential Revision: https://reviews.freebsd.org/D34955
make tinderbox now passes with this warning enabled as a fatal error,
so revert the change to hide it in preparation for making it fatal.
This reverts commit e8e691983bb75e80153b802f47733f1531615fa2.
Reviewed by: imp, emaste
Differential Revision: https://reviews.freebsd.org/D34948
Disable software LRO during kernel dumping, because having it enabled
requires to be in a network epoch, which might or might not be the
case depending on the code path resulting in the panic.
Reviewed by: markj
MFC after: 3 days
Sponsored by: Netflix, Inc.
Differential Revision: https://reviews.freebsd.org/D34787
We have a report of a panic in GELI that appears to go away when
unmapped I/O is disabled. Add a tunable to make such investigations
easier in the future. No functional change intended.
PR: 262894
Reviewed by: asomers
MFC after: 1 week
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D34944
Main change is a callback for checking validity period of certificates.
Merge commit 'f6acb9b9f81c96ae7c9592bee1bb89c4357cc3e5'
Add -DHAVE_BR_X509_TIME_CHECK to libsecureboot/Makefile.inc
This variable was flagged as a set but unused warning as its value was
read from a register and then modified to set a bit
(TI_MBOX_SYSCONFIG_SOFTRST). After the variable is modified, the code
then loops waiting for the SOFTRST bit to go clear in the
TI_MBOX_SYSCONFIG register. Presumably merely reading from the
register does not request a reset as other places in the driver read
this register, so most likely the updated value of sysconfig setting
the reset bit is supposed to be written to the register to request a
reset before the polling loop that waits for the reset to finish.
Reviewed by: emaste
Differential Revision: https://reviews.freebsd.org/D34856
All consumers already do it and it was required on amd64 and i386
until recently (1c1bf5bd7c1e479a7889839b941f53e689aa2569).
Reviewed by: emaste
Differential Revision: https://reviews.freebsd.org/D34932
Preparation for updating bearssl, pull in updates to libsecureboot.
o fix handling of some out-of-memory cases
o allow more control over reporting of Verified/Unverified files.
this helps boot time when console output is slow
o recheck verbose/debug level after reading any unverified file
o more debug support for vectx
o hash_string to support fake stat for tftp
o tests/tvo add -v to simply verify signatures
o vets.c allow for HAVE_BR_X509_TIME_CHECK which will greatly simplify
verification in loader
o report date when certificate fails validity period checks
Reviewed by: stevek
Sponsored by: Juniper Networks, Inc.
cxgbei needs the ability to return different limits based on the
connection (e.g. if the connection is over a T5 adapter or a T6
adapter as well as factoring in the MTU).
This change plumbs through the changes in the ioctls without changing
any of the backends. The limits callback passed to icl_register now
accepts a second socket argument which holds the integer file
descriptor. To support ABI compatiblity for old binaries, the
callback should return "global" values if the socket fd is zero.
The CTL_ISCSI_LIMITS argument used with CTL_ISCSI by ctld(8) now
accepts the socket fd in a field that was previously part of a
reserved spare field. Old binaries zero this request which results in
passing a socket fd of 0 to the limits callback.
The ISCSIDREQUEST ioctl no longer returns limits. Instead, iscsid(8)
invokes a new ISCSIDLIMITS ioctl after establishing the connection via
connect(2). For ABI compat, if the old ISCSIDREQUEST is invoked, the
global limits are still fetched (with a socket fd of 0) and returned.
Reviewed by: mav
Sponsored by: Chelsio Communications
Differential Revision: https://reviews.freebsd.org/D34928
This reduces duplication in the two lists and makes it clearer which
ioctls are needed in the ICL_KERNEL_PROXY case.
Reviewed by: mav
Sponsored by: Chelsio Communications
Differential Revision: https://reviews.freebsd.org/D34927
__diagused only squelches warnings for variables used under
INVARIANTS, it does not apply to custom debug knobs like
LINUXKPI_DEBUG_80211. Use __unused instead.
The result of the request computed in new_status was never returned to
the caller leaving new_status as a set-but-unused variable. Removing
new_status leaves sc->previous_status as a write-only variable.
Removing sc->previous_status leaves current_status as a write-only
variable, so it collapses down to removing the entire
USB_ST_TRANSFERRED case.
Arguably, all of the support for UHID_SNES_STATUS_DT_RD should be
removed as it doesn't return anything to the caller. If the request
should be fixed instead then this commit should be reverted and
new_status should be returned to whoever submitted the request.
Differential Revision: https://reviews.freebsd.org/D34840
